Removed use of wmic from security_identifier resource as it will be deprecated soon

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
Vasu1105 2021-08-30 12:47:03 +05:30
parent 601238ca81
commit 2100a66bef
5 changed files with 17 additions and 23 deletions

View file

@ -57,14 +57,14 @@ module Inspec::Resources
@sids = {}
case @type
when :group
sid_data = wmi_results(:group)
sid_data = cim_results(:group)
when :user
sid_data = wmi_results(:user)
sid_data = cim_results(:user)
when :unspecified
# try group first, then user
sid_data = wmi_results(:group)
sid_data = cim_results(:group)
if sid_data.empty?
sid_data = wmi_results(:user)
sid_data = cim_results(:user)
end
else
raise "Unhandled entity type '#{@type}'"
@ -72,20 +72,14 @@ module Inspec::Resources
sid_data.each { |sid| @sids[sid[1]] = sid[2] }
end
def wmi_results(type)
query = "wmic "
def cim_results(type)
case type
when :group
query += "group"
cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq '#{@name}' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation"
when :user
query += "useraccount"
cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq '#{@name}' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation"
end
query += " where 'Name=\"#{@name}\"' get Name\",\"SID /format:csv"
# Example output:
# inspec> command("wmic useraccount where 'Name=\"Administrator\"' get Name\",\"SID /format:csv").stdout
# => "\r\n\r\nNode,Name,SID\r\n\r\nComputer1,Administrator,S-1-5-21-650485088-1194226989-968533923-500\r\n\r\n"
# Remove the \r characters, split on \n\n, ignore the CSV header row
inspec.command(query).stdout.strip.tr("\r", "").split("\n\n")[1..-1].map { |entry| entry.split(",") }
inspec.command(cmd).stdout.strip.gsub("\"", "").tr("\r", "").split("\n")[1..-1].map { |entry| entry.split(",") }
end
end
end

View file

@ -1,4 +1,4 @@
Node,Name,SID
Domain,Name,SID
Computer1,Alice,S-1-5-21-1601936709-1892662786-3840804712-315762

View file

@ -1,4 +1,4 @@
Node,Name,SID
Domain,Name,SID
Computer1,Guests,S-1-5-32-546

View file

@ -1,3 +1,3 @@
Node,
Domain,

View file

@ -565,12 +565,12 @@ class MockLoader
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-544\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-translated"),
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-555\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-untranslated"),
# Windows SID calls
'wmic useraccount where \'Name="Alice"\' get Name","SID /format:csv' => cmd.call("security-identifier-alice"),
'wmic useraccount where \'Name="Bob"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
'wmic useraccount where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
'wmic group where \'Name="Guests"\' get Name","SID /format:csv' => cmd.call("security-identifier-guests"),
'wmic group where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
# Windows SID calls with CimInstance
"Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'Alice' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-alice"),
"Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'Bob' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
"Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'DontExist' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
"Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq 'Guests' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-guests"),
"Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq 'DontExist' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
# alpine package commands
"apk info -vv --no-network | grep git" => cmd.call("apk-info-grep-git"),